Web3 Security Books and Resources

Welcome to the DF3NDR Web3 Security Books website. This collection of resources covers the security aspects of Web3 development. It is a living document that is being updated and expanded.

Introduction

In 2016, when I first began working with Ethereum, the information on the subject was spread across an array of various mediums. The first significant book on the subject that I came across was “Master Ethereum” by Andreas M. Antonopoulos and Gavin Wood, which first came out in December 2018. It remains a great book on the subject. Since then I have read many, many others, but when I really tried to dive deeply into security in 2021, I again found the information was limited and not terribly organized.

Having been an engineer for a couple of decades, it has become clear to me that many people in the field were either holding their cards close to their chest or simply too busy to share their knowledge. This is understandable, but the result is not something that is sustainable.

At the time, the Web3 field was in desperate need of security professionals. It has been my belief since the beginning that a security-first approach is the only way to ensure the long-term success of the technology. Unfortunately, the rise of DeFi outpaced the rise of Web3 security.

As I deepened my personal knowledge and collected resources I also realized that many engineers are reluctant to admit their lack of knowledge as a consequence of imposter syndrome. While they also had a rightful fear of applications being hacked, they also feared the critique from security professionals. None of this is unique to Web3 but the consequences are of course much higher.

The best engineers I have worked with have always been the ones who are willing to admit what they don’t know and share what they do. When I started really looking into Web3 Security I realized how little I actually knew about the subject. With the aforementioned dearth of information I began a long journey of learning and documenting what I learned.

Initially this was just a collection of resources and notes. A growing mishmash of links, articles, videos and eventually courses on the subject. I had also created my own checklists and best practices based on my experience both in the field and from software security in general. Along the way I decided to give it all a bit more structure.

These books are the result of that ongoing journey. A compendium of knowledge, resources and best practices that I have collected over the years. By no means do I claim to have created the concepts within. I am just a humble traveler on the road, searching to provide some security on the way to greater liberty and freedom. My hope is only that others looking may find a few shortcuts on their own journey toward Web3 Security.

Overview

The first book, Web3 Security for IT Professionals, should be accessible to anyone with IT or technology experience. The second book, Web3 Security Best Practices, starts to become more technical. An effort is made to make all the content accessible to as many people as possible by (eventually) providing links and suggestions in areas where more information is required.

Nonetheless, it is impossible to avoid the inevitable narrowing of audience focus as things progress. Again, the idea is to provide as much as possible, section by section, while keeping the requirement for previous technical experience as low as possible. The third book begins to steepen as we begin a deeper dive into the programmatic aspects of Smart Contract security. Things become more technical still in our fourth book as we discuss the process of auditing Smart Contracts.

Organization

Each book is broken down into multiple subsections that contain multiple parts covering particular subjects. They can be read through serially or accessed in an ad-hoc fashion with each section and subsection standing alone. If you are familiar with Smart Contracts and the basics of Web3 you will find Book 1 “Web3 for IT Professionals” redundant.

The focus obviously favors security concerns over other aspects of developing smart contracts or creating projects. Those subjects are covered in depth by many others.

Process and Publication

This is a living document that I have been building since 2022 and it is actively changing. It is meant to offer resources for those interested in Web3 Security. I welcome corrections, updates and additions from those who wish to contribute. Contact me via the DF3NDR website or on GitHub.

License

Creative Commons BY-NC-ND 4.0 (https://creativecommons.org/licenses/by-nc-nd/4.0/)

And thanks for all the fish…

To all who’ve inspired, contributed and been supportive, my greatest thanks. Cheers.